* Go: Bump to 1.24.2
It is not likely we are actually affected by the CVEs, but updating proactively is not a bad idea nonetheless.
Fixes: CVE-2025-22871
Fixes: https://github.com/grafana/grafana-operator-experience-squad/issues/1311
* CI: Update golangci-lint
* feat: update swagger
* feat: update swagger
* fix: remove enterprise imports
unistore: use the same connection string as grafana (#102387)
(cherry picked from commit 4927376f32)
Co-authored-by: Georges Chaudy <chaudyg@gmail.com>
App Platform: Pin bleve to fix CVE-2022-31022
This pins Bleve to a soon-to-be v2.5.0 commit.
Fixes CVE-2022-31022. We can unpin when v2.5.0 releases (likely March 25th).
We do not need any new features or similar, though there are some fixes that are nice to receive.
We will **not** backport this fix farther as we aren't actually vulnerable to anything via CVE-2022-31022; we never use its code, nor does Bleve. The reason we are fixing this is to get Trivy to stop complaining.
Alerting: Include time range in templated dashboard and panel urls
Time range:
from=Alert.StartsAt-1hr
Firing Alerts: to=Current Timestamp
Resolved Alerts: to=Alert.EndsAt
* WIP adding custom analyzer so we can do substring search efficiently
* Adding unit tests for title search
* formatting
* adds more title search unit tests
* organize helpers
* fixes issue caused by having two title mappings
* Removes camelcase token filter since it prevents you from searching for a substring of chars and numbers. Adds regression test.
* adds back mapping for title_phrase
* use simple analyzer for input query string so it doesn't filter out english stop words
* ran bleve tests, table snapshots updated
* ignore linter for "unused" test functions. They are very helpful for troubleshooting search. Keeping them.
* only log total hits and query cost if result not nil
* fixes failing test - one more field because there are two title mappings now
* fix test
* fixes test - only take first item when its the title
* Adds separate internal field for title ngram mapping.
When searching with a query, results are sorted by score desc.
When searching without a query, results are sorted by title desc.
Adjusts ngram max to be 10.
Text queries are a disjunction of an exact match, phrase match, and a match. Boosted to have priority in that order.
Adds more unit tests for searching.
* linter
* fix test
* ran tests - generated new test dash json
* sort by title phrase instead of title
* fix test - not relying on /apis/dashboard/search to apply title sorting anymore
* Adds ability to run integration tests against spanner (by using GRAFANA_TEST_DB=spanner env variable. SPANNER_DB variable then specifies database to use: spannertest, emulator or string like /projects/<project>/instances/<instance>/databases/<db>)
* Adds feature to migration dialects to create database from a snapshot, instead of running individual migrations.
* Adds first version of Spanner snapshot, prepared from "OSS" migrations.
* Uses generated bit-reversed-positive values instead of auto_increment. (As an experiment)
* Chore: Bump golang.org/x/net to v0.36.0
* Chore: Use github.com/moby/moby version 27.5.1 instead of 26.0.0
* Chore: Bump github.com/ua-parser/uap-go to v0.0.0-20250213224047-9c035f085b90
* Chore: Bump github.com/grpc-ecosystem/go-grpc-middleware/v2 to fix 32-bit overflow issue
* Add isProvisioned field to model
* Add new isProvisioned column to migration
* Disable auto assignment to organization if the user is provisioned
* add annotation to user model
* add annotation to user models
* Remove IsProvisioned field from Identity
* Move new field assignenment and add default value
* Update annotations for user query results
* Remove isProvisioned from identity
* Add new column to test
* Resolve user from identity at SyncOrgHook
* make it build and start
* run some migrations
* add build tags, remove log
* remove unused code
* revert go.mod changes
* move initialisation into dialect file
* update workspace
* update workspace once again
* clean up dependencies
* further cleanup
* Address some review feedback.
* Fix go.sum.
---------
Co-authored-by: Peter Štibraný <pstibrany@gmail.com>
Expand template testing to try additional scopes if the root scope fails.
This mitigates errors for definitions like pagerduty.default.instances,
which require the .Alerts scope. Added support for .Alerts and .Alert
scopes.
* move prometheus.register for unified storage metrics into metrics.go and do most of the plumbing to get it to work
* convert StorageApiMetrics to pointer and check for nil before using it
* rename type and variables to something more sensible
---------
Co-authored-by: Jean-Philippe Quéméner <jeanphilippe.quemener@grafana.com>
* add tests for broacaster
* fix sql notifier not closing the stream
* fix sql notifier not closing the stream
* close sub
* fix broadcaster test
* fix broadcaster test
* suggestion
* Send new annotation containing image url
* Use new image TokenProvider with TokenStore
New abstraction GetImage no longer needs to support parsing both token and
url from annotations, as remote AM will use the new URLProvider. Instead, we
use the new generic TokenProvider and give it a TokenStore backed by the
grafana database.
That means we revert back to always using token simplifying code and security
considerations.
* Upgrade grafana/alerting to merged commit SHA
Matheus Macabu
Mariell Hoversholm
grafana-delivery-bot[bot]
Denis Vodopianov
Karl Persson
Matthew Jacobson
maicon
owensmallwood
Jean-Philippe Quéméner
Will Assis
Ryan McKinley
Peter Štibraný
Tania
alerting-team[bot]
Alexander Zobnin
linoman
Serge Zaitsev
dependabot[bot]
ismail simsek
Georges Chaudy
Alexander Akhmetov
William Wernert
Yuri Tseretyan
Todd Treece